CVE-2006-5499
https://notcve.org/view.php?id=CVE-2006-5499
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page. Múltiples vulnerabilidades en secuencias de comandos en sitios cruzados (XSS) en Serendipity (s9y) 1.0.1 y anteriores, permite a atacantes remotos la inyección de secuencias de comandos Web o HTML de su elección, a través de vectores no especificados en la página del administrador del gestor de media. • http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0395.html http://secunia.com/advisories/22501 http://securityreason.com/securityalert/1771 http://securitytracker.com/id?1017100 http://www.hardened-php.net/advisory_112006.136.html http://www.osvdb.org/29893 http://www.s9y.org/forums/viewtopic.php?t=7356 http://www.securityfocus.com/archive/1/449189/100/0/threaded http://www.securityfocus.com/bid/20627 http://www.vupen.com/english/advisories/2006/4135 https:/ •
CVE-2006-2495
https://notcve.org/view.php?id=CVE-2006-2495
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. • http://secunia.com/advisories/20155 http://sourceforge.net/project/shownotes.php?release_id=414920&group_id=75065 http://www.vupen.com/english/advisories/2006/1855 •
CVE-2006-1910
https://notcve.org/view.php?id=CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://archives.neohapsis.com/archives/bugtraq/2006-04/0282.html http://www.securityfocus.com/bid/17566 •
CVE-2005-3129
https://notcve.org/view.php?id=CVE-2005-3129
Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037580.html http://marc.info/?l=bugtraq&m=112801570631203&w=2 http://secunia.com/advisories/17011 https://exchange.xforce.ibmcloud.com/vulnerabilities/22456 •
CVE-2005-1712
https://notcve.org/view.php?id=CVE-2005-1712
Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files. • http://secunia.com/advisories/15405 http://sourceforge.net/project/shownotes.php?release_id=328092 http://www.osvdb.org/16659 •